Setting Up SSL for PostgreSQL Export
When selecting the SSL checkbox for PostgreSQL, three inputs appear for entering the names of the secure keys and certificates needed to connect over SSL.
Required Certificates
| Certificate | Description | Required |
|---|---|---|
| SSL Private Key (.key) | The secret key used in the SSL/TLS protocol to encrypt information before transmission. Generated when creating a Certificate Signing Request (CSR). It pairs with the public key in your SSL certificate — the server uses it to decrypt information encrypted by clients. Must be kept private and secure. | Always |
| SSL Certificate (.crt) | A digital certificate containing the public key and server identity, issued by a Certificate Authority (CA). Sent to clients during the SSL/TLS handshake to establish a secure connection, allowing clients to verify the server's identity and encrypt data. | Always |
| CA Certificate | A certificate issued by a trusted CA that establishes the trustworthiness of your SSL certificate. Needed to build a complete trust chain from your certificate back to a trusted root CA. Required for client authentication, mutual TLS (mTLS), or when your SSL certificate is signed by an intermediate CA that clients may not inherently trust. | Conditional |